MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4428aebb9dac740e189fdb37a1f3dab38f9fea43a7de8370d2b17921477c7b80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FormBook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4428aebb9dac740e189fdb37a1f3dab38f9fea43a7de8370d2b17921477c7b80
SHA3-384 hash: 0b872057c4091f6d0f7042447cdbf0df86a3a23b45b539cd664d07e9c5f6618f0fe757916bea17da3d814844fc80a102
SHA1 hash: b3015b1321890df4f15d1a620c65e021bc9c0a90
MD5 hash: b2fcc22977e87562353fc760504e2303
humanhash: delta-friend-diet-xray
File name:V-12585.rar
Download: download sample
Signature FormBook
Create hunting rule
File size:379'812 bytes
First seen:2020-05-21 10:15:52 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:8xCLNRnyAeTX6lpcgUt0tuE8E7qDqR/UYz2StLvSv5Deg65t/SKDuzyV:gChR6ghtr7qDqRGgv8i7qKDu2V
TLSH 37842323102B56688D2B5826CC8715CD96C694A3235A134938ECFF29F9B1F737358DAB
Reporter abuse_ch
Tags:FormBook rar


Avatar
abuse_ch
Malspam distributing FormBook:

HELO: yisun.co
Sending IP: 111.90.159.196
From: Zhaohui Liu <liu@yisun.co>
Subject: AW: YANCHENG- ORDER GOOCE
Attachment: V-12585.rar (contains "V-12585.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 10:36:53 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iquk5o45vr2a4ge73m32d462wohz72sdu7pig4gswf4scr34poaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

FormBook

rar 4428aebb9dac740e189fdb37a1f3dab38f9fea43a7de8370d2b17921477c7b80

(this sample)

FormBook

Executable exe f46ea866a034694bb34ddd4207ae960a5e43390ca9f9ad58daf4d14c42dbbc79

  
Dropping
MD5 d638058854e4c346a0d7479951e2dbd3
  
Dropping
FormBook
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f46ea866a034694bb34ddd4207ae960a5e43390ca9f9ad58daf4d14c42dbbc79

Comments